Merge branch 'master' into pub.solar

2023-06-13 23:51:13 +02:00 · 2023-06-13 23:51:13 +02:00 · 7327fbec43
parent 03ef77fb07 17a0f89775
commit 7327fbec43
16 changed files with 68 additions and 27 deletions
--- a/README.md
+++ b/README.md
@ -79,7 +79,7 @@ Extend and modify how users are authenticated on your homeserver.
 | ---- | -------- | ----------- | ------------- |
 | [matrix-synapse-rest-auth](https://github.com/ma1uta/matrix-synapse-rest-password-provider) (advanced) | x | REST authentication password provider module | [Link](docs/configuring-playbook-rest-auth.md) |
 |[matrix-synapse-shared-secret-auth](https://github.com/devture/matrix-synapse-shared-secret-auth) (advanced) | x | Password provider module | [Link](docs/configuring-playbook-shared-secret-auth.md) |
-| [matrix-synapse-ldap3](https://github.com/matrix-org/matrix-synapse-ldap3) (advanced) | x | LDAP Auth password provider module | [Link](configuring-playbook-ldap-auth.md) |
+| [matrix-synapse-ldap3](https://github.com/matrix-org/matrix-synapse-ldap3) (advanced) | x | LDAP Auth password provider module | [Link](docs/configuring-playbook-ldap-auth.md) |
 | [matrix-ldap-registration-proxy](https://gitlab.com/activism.international/matrix_ldap_registration_proxy) (advanced) | x | A proxy that handles Matrix registration requests and forwards them to LDAP. | [Link](docs/configuring-playbook-matrix-ldap-registration-proxy.md) |
 | [matrix-registration](https://github.com/ZerataX/matrix-registration) | x | A simple python application to have a token based matrix registration | [Link](docs/configuring-playbook-matrix-registration.md) |

--- a/docs/configuring-playbook-bot-chatgpt.md
+++ b/docs/configuring-playbook-bot-chatgpt.md
@ -20,10 +20,12 @@ ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.chatgpt
 ```


-## 2. Get an access token
+## 2. Get an access token and create encryption keys

 Refer to the documentation on [how to obtain an access token](obtaining-access-tokens.md).

+To make sure the bot can read encrypted messages, it will need an encryption key, just like any other new user. While obtaining the access token, follow the prompts to setup a backup key. More information can be found in the [element documentation](https://element.io/help#encryption6).
+

 ## 3. Adjusting the playbook configuration

--- a/docs/configuring-playbook-bot-postmoogle.md
+++ b/docs/configuring-playbook-bot-postmoogle.md
@ -4,12 +4,26 @@

 The playbook can install and configure [Postmoogle](https://gitlab.com/etke.cc/postmoogle) for you.

-It's a bot/bridge you can use to forward emails to Matrix rooms
+It's a bot/bridge you can use to forward emails to Matrix rooms. 
+Postmoogle runs an SMTP email server and allows you to assign mailbox addresses to Matrix rooms.

 See the project's [documentation](https://gitlab.com/etke.cc/postmoogle) to learn what it does and why it might be useful to you.

+## Prerequisites

-## Adjusting the playbook configuration
+### Networking
+
+Open the following ports on your server to be able to receive incoming emails:
+
+  - `25/tcp`: SMTP
+  - `587/tcp`: Submission (TLS-encrypted SMTP)
+
+If you don't open these ports, you will still be able to send emails, but not receive any.
+
+These port numbers are configurable via the `matrix_bot_postmoogle_smtp_host_bind_port` and `matrix_bot_postmoogle_submission_host_bind_port` variables, but other email servers will try to deliver on these default (standard) ports, so changing them is of little use.
+
+
+### Adjusting the playbook configuration

 Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file:

@ -21,9 +35,20 @@ matrix_bot_postmoogle_enabled: true

 # Generate a strong password here. Consider generating it with `pwgen -s 64 1`
 matrix_bot_postmoogle_password: PASSWORD_FOR_THE_BOT
+
+# Uncomment to add one or more admins to this bridge:
+#
+# matrix_bot_postmoogle_admins:
+#  - '@yourAdminAccount:domain.com'
+#
+# .. unless you've made yourself an admin of all bridges like this:
+#
+# matrix_admin: '@yourAdminAccount:domain.com'
 ```

-You will also need to add several DNS records so that postmoogle can send emails.
+### DNS
+
+You will also need to add several DNS records so that Postmoogle can send emails.
 See [Configuring DNS](configuring-dns.md).


@ -51,3 +76,13 @@ Then send `!pm mailbox NAME` to expose this Matrix room as an inbox with the ema
 Send `!pm help` to the room to see the bot's help menu for additional commands.

 You can also refer to the upstream [documentation](https://gitlab.com/etke.cc/postmoogle).
+
+### Debug/Logs
+
+As with all other services, you can find their logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by running something like `journalctl -fu matrix-bot-postmoogle`
+
+The default logging level for this bridge is `INFO`, but you can increase it to `DEBUG` with the following additional configuration: 
+
+```yaml
+matrix_bot_postmoogle_loglevel: 'DEBUG'
+```
--- a/requirements.yml
+++ b/requirements.yml
@ -4,7 +4,7 @@
  version: v1.0.0-1
  name: aux
 - src: git+https://gitlab.com/etke.cc/roles/backup_borg.git
-  version: v1.2.4-1.7.13-0
+  version: v1.2.4-1.7.14-0
 - src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git
  version: v0.1.1-2
 - src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git
@ -26,7 +26,7 @@
 - src: git+https://github.com/devture/com.devture.ansible.role.timesync.git
  version: v1.0.0-0
 - src: git+https://github.com/devture/com.devture.ansible.role.traefik.git
-  version: v2.10.1-0
+  version: v2.10.1-2
 - src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git
  version: v2.8.1-0
 - src: git+https://gitlab.com/etke.cc/roles/etherpad.git
@ -35,7 +35,7 @@
  version: 6.1.0
  name: geerlingguy.docker
 - src: git+https://gitlab.com/etke.cc/roles/grafana.git
-  version: v9.5.2-0
+  version: v9.5.3-0
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git
  version: v8615-0
  name: jitsi
--- a/roles/custom/matrix-bot-chatgpt/defaults/main.yml
+++ b/roles/custom/matrix-bot-chatgpt/defaults/main.yml
@ -4,7 +4,7 @@

 matrix_bot_chatgpt_enabled: true

-matrix_bot_chatgpt_version: 3.1.0
+matrix_bot_chatgpt_version: 3.1.2

 matrix_bot_chatgpt_container_image_self_build: false
 matrix_bot_chatgpt_container_image_self_build_repo: "https://github.com/matrixgpt/matrix-chatgpt-bot"
--- a/roles/custom/matrix-bot-draupnir/defaults/main.yml
+++ b/roles/custom/matrix-bot-draupnir/defaults/main.yml
@ -4,7 +4,7 @@

 matrix_bot_draupnir_enabled: true

-matrix_bot_draupnir_version: "v1.82.0"
+matrix_bot_draupnir_version: "v1.83.0"

 matrix_bot_draupnir_container_image_self_build: false
 matrix_bot_draupnir_container_image_self_build_repo: "https://github.com/Gnuxie/Draupnir.git"
--- a/roles/custom/matrix-bot-postmoogle/defaults/main.yml
+++ b/roles/custom/matrix-bot-postmoogle/defaults/main.yml
@ -81,10 +81,10 @@ matrix_bot_postmoogle_maxsize: '1024'
 # A list of admins
 # Example set of rules:
 # matrix_bot_postmoogle_admins:
-# - @someone:example.com
-# - @another:example.com
-# - @bot.*:example.com
-# - @*:another.com
+# - '@someone:example.com'
+# - '@another:example.com'
+# - '@bot.*:example.com'
+# - '@*:another.com'
 matrix_bot_postmoogle_admins: "{{ [matrix_admin] if matrix_admin else [] }}"

 # Sentry DSN. Deprecated, use matrix_bot_postmoogle_monitoring_sentry_dsn
--- a/roles/custom/matrix-bridge-hookshot/defaults/main.yml
+++ b/roles/custom/matrix-bridge-hookshot/defaults/main.yml
@ -10,7 +10,7 @@ matrix_hookshot_container_image_self_build: false
 matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git"
 matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}"

-matrix_hookshot_version: 4.0.0
+matrix_hookshot_version: 4.2.0

 matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}"
 matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}"
--- a/roles/custom/matrix-bridge-hookshot/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-hookshot/tasks/setup_install.yml
@ -81,7 +81,7 @@
      --user={{ matrix_user_uid }}:{{ matrix_user_gid }}
      --cap-drop=ALL
      -v {{ matrix_hookshot_base_path }}/config.yml:/config.yml
-      {{ matrix_hookshot_docker_image }} node Config/Config.js /config.yml
+      {{ matrix_hookshot_docker_image }} node config/Config.js /config.yml
  register: hookshot_config_validation_result
  changed_when: false

--- a/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml
@ -7,7 +7,7 @@ matrix_mautrix_facebook_enabled: true
 matrix_mautrix_facebook_container_image_self_build: false
 matrix_mautrix_facebook_container_image_self_build_repo: "https://mau.dev/mautrix/facebook.git"

-matrix_mautrix_facebook_version: v0.4.1
+matrix_mautrix_facebook_version: v0.5.0
 matrix_mautrix_facebook_docker_image: "{{ matrix_mautrix_facebook_docker_image_name_prefix }}mautrix/facebook:{{ matrix_mautrix_facebook_version }}"
 matrix_mautrix_facebook_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_facebook_container_image_self_build else 'dock.mau.dev/' }}"
 matrix_mautrix_facebook_docker_image_force_pull: "{{ matrix_mautrix_facebook_docker_image.endswith(':latest') }}"
--- a/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml
@ -8,7 +8,7 @@ matrix_mautrix_instagram_container_image_self_build: false
 matrix_mautrix_instagram_container_image_self_build_repo: "https://github.com/mautrix/instagram.git"
 matrix_mautrix_instagram_container_image_self_build_repo_version: "{{ 'master' if matrix_mautrix_instagram_version == 'latest' else matrix_mautrix_instagram_version }}"

-matrix_mautrix_instagram_version: v0.2.3
+matrix_mautrix_instagram_version: v0.3.0
 # See: https://mau.dev/tulir/mautrix-instagram/container_registry
 matrix_mautrix_instagram_docker_image: "{{ matrix_mautrix_instagram_docker_image_name_prefix }}mautrix/instagram:{{ matrix_mautrix_instagram_version }}"
 matrix_mautrix_instagram_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_instagram_container_image_self_build else 'dock.mau.dev/' }}"
--- a/roles/custom/matrix-client-element/defaults/main.yml
+++ b/roles/custom/matrix-client-element/defaults/main.yml
@ -10,7 +10,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto
 # - https://github.com/vector-im/element-web/issues/19544
 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"

-matrix_client_element_version: v1.11.31
+matrix_client_element_version: v1.11.33
 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
 matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"
--- a/roles/custom/matrix-client-hydrogen/templates/config.json.j2
+++ b/roles/custom/matrix-client-hydrogen/templates/config.json.j2
@ -3,7 +3,7 @@
 	"defaultHomeServer": {{ matrix_client_hydrogen_default_hs_url | string | to_json }},
 	"bugReportEndpointUrl": {{ matrix_client_hydrogen_bugReportEndpointUrl | to_json }},
 	"themeManifests": [
-		"{{ matrix_client_hydrogen_path_prefix }}assets/theme-element.json"
+		"{{ '' if matrix_client_hydrogen_path_prefix == '/' else matrix_client_hydrogen_path_prefix }}/assets/theme-element.json"
 	],
 	"defaultTheme": {
 		"light": "element-light",
--- a/roles/custom/matrix-dynamic-dns/defaults/main.yml
+++ b/roles/custom/matrix-dynamic-dns/defaults/main.yml
@ -7,7 +7,7 @@ matrix_dynamic_dns_enabled: true
 # The dynamic dns daemon interval
 matrix_dynamic_dns_daemon_interval: '300'

-matrix_dynamic_dns_version: v3.10.0-ls111
+matrix_dynamic_dns_version: v3.10.0-ls123

 # The docker container to use when in mode
 matrix_dynamic_dns_docker_image: "{{ matrix_dynamic_dns_docker_image_name_prefix }}linuxserver/ddclient:{{ matrix_dynamic_dns_version }}"
--- a/roles/custom/matrix-synapse/defaults/main.yml
+++ b/roles/custom/matrix-synapse/defaults/main.yml
@ -4,7 +4,7 @@

 matrix_synapse_enabled: true

-matrix_synapse_version: v1.84.1
+matrix_synapse_version: v1.85.2

 matrix_synapse_username: ''
 matrix_synapse_uid: ''
@ -334,6 +334,11 @@ matrix_synapse_limit_profile_requests_to_users_who_share_rooms: false
 # Defaults to 'true'.
 matrix_synapse_include_profile_data_on_invite: true

+
+# User search behaviour
+matrix_synapse_user_directory_search_all_users: false
+matrix_synapse_user_directory_prefer_local_users: false
+
 # Controls whether people with access to the homeserver can register by themselves.
 matrix_synapse_enable_registration: false
 # Controls whether people with access to the homeserver can register by themselves without verification (email/msisdn/token)
@ -784,11 +789,10 @@ matrix_synapse_ext_password_provider_rest_auth_login_profile_name_autofill: fals
 # Enable this to activate the Shared Secret Auth password provider module.
 # See: https://github.com/devture/matrix-synapse-shared-secret-auth
 matrix_synapse_ext_password_provider_shared_secret_auth_enabled: false
-matrix_synapse_ext_password_provider_shared_secret_auth_download_url: "https://raw.githubusercontent.com/devture/matrix-synapse-shared-secret-auth/2.0.2/shared_secret_authenticator.py"
+matrix_synapse_ext_password_provider_shared_secret_auth_download_url: "https://raw.githubusercontent.com/devture/matrix-synapse-shared-secret-auth/2.0.3/shared_secret_authenticator.py"
 matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: ""
 matrix_synapse_ext_password_provider_shared_secret_auth_m_login_password_support_enabled: true
-# We'd like to enable this, but it causes trouble for Element: https://github.com/vector-im/element-web/issues/19605
-matrix_synapse_ext_password_provider_shared_secret_auth_com_devture_shared_secret_auth_support_enabled: false
+matrix_synapse_ext_password_provider_shared_secret_auth_com_devture_shared_secret_auth_support_enabled: true
 matrix_synapse_ext_password_provider_shared_secret_config: "{{ matrix_synapse_ext_password_provider_shared_secret_config_yaml | from_yaml }}"
 matrix_synapse_ext_password_provider_shared_secret_config_yaml: |
  shared_secret: {{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret | string | to_json }}
--- a/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2
+++ b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2
@ -2631,7 +2631,7 @@ user_directory:
    # Uncomment to return search results containing all known users, even if that
    # user does not share a room with the requester.
    #
-    #search_all_users: true
+    search_all_users: {{ matrix_synapse_user_directory_search_all_users | to_json }}

    # Defines whether to prefer local users in search query results.
    # If True, local users are more likely to appear above remote users
@ -2640,7 +2640,7 @@ user_directory:
    # Uncomment to prefer local over remote users in user directory search
    # results.
    #
-    #prefer_local_users: true
+    prefer_local_users: {{ matrix_synapse_user_directory_prefer_local_users | to_json }}


 # User Consent configuration